Brigitte Richelle Dooh Moudoute
Security Operations Center (SOC) Analyst
Phone 770-***-****
Email *****************@*****.***
Address Cincinnati, OH
CAREER OBJECTIVE
A resourceful, self-motivated, goal-driven, and result-oriented cybersecurity professional with strong accomplishments in network, endpoint, and phishing investigations. Experienced in performing intrusion detection, vulnerability assessment, incident response, and the strategies needed to safeguard highly sensitive systems, data, and communications resources.
EXPERIENCE
SECURITY OPERATION CENTER (SOC) ANALYST — Pitch Technologies
Cincinnati, OH, Feb 2020 - Present
Fully documenting assigned tickets to show all work performed and attaching the required artifacts to pass SLRs.
Monitored and analyzed incoming security alarms against cyber threats.
Monitored and responded to security incidents and alerts in an on-premises and cloud hybrid environment.
Developed and fine-tuned content rules for security events.
Identified and extracted IOCs from malicious code, including file hashes, domain names, IP addresses, and registry keys.
Provide detection, investigation, and response support for cloud platforms including AWS, Azure, and Google Cloud.
Utilized sandbox environments such as Cuckoo Sandbox and FireEye to safely execute and observe malware behavior.
Creating Firewall indicator sets with updated indicators of compromise.
Provided cyber security solutions with the integration of ATAR (Automated Threat Analysis and Response) for different customers.
Perform real-time security event monitoring, Incident handling and response, Log management, and correlation using different SIEM and security tools.
Respond to security incidents of network intrusion and policy violations in a timely & proactive manner to ensure proper mitigation of security issues.
Handle tickets for end-user requests through the ServiceNow ticketing tool.
Analyze network and host-based security appliance logs (Firewalls, Workstations) to determine the correct remediation actions and escalation paths.
Assist in developing and updating Standard Operating Procedures (SOPs) and playbooks for different incidents.
Work on improvements for provided security services, including the continuous enhancement of existing methodology material, and supporting assets for different clients.
Trained new analysts on network/host-based, malware, email security investigations.
Provide L2 support for SIEM security technologies, handling service requests and security incidents.
Triaging and investigating incoming alerts generated from Splunk ES to determine the severity and impact of the event or incidents.
Reviewing and collecting asset data (indicators of compromise, logs, configurations, and running processes) on these systems for further investigation and reporting.
Involved in planning and implementing preventative security measures and in building incident response and disaster recovery plans.
Using CrowdStrike to perform real time response (RTR) to manually eradicate any possible persistent IOC.
Investigating, analyzing, and processing retrospective and reported phishing email alerts from Proofpoint while following standard operating procedures. Further using O365 Threat Explorer to analyze and determine the scope of the phishing campaign.
Evaluating and processing Web Site Review Requests from internal users to access blocked websites using OSINT tools and business justification.
Utilizing CloudTrail, CloudWatch, and VPC flow logs to investigate suspicious activities associated with EC2 instances, S3 buckets, IAM, API calls, and other AWS resources.
Collaborating with the AWS security team to enhance security monitoring and detection capabilities in AWS environments.
Analyzing and resolving DLP alerts from McAfee DLP Manager and Splunk Enterprise Security (Splunk ES) and escalating cyber privacy incidents to the Privacy Team.
Working incidents from initial assignment to final resolution.
Assisting in building SOPs as needed or directed to facilitate SOC operations and processes.
Fully documenting assigned tickets to show all work performed and attaching the required artifacts.
Performing Root Cause Analysis (RCA) and making preventative recommendations for incidents and events.
Assisting in creating new use cases, followed by performing SOC testing.
Conducting deep dive endpoint investigations using CrowdStrike EDR to determine the possible impact of an intrusion attempt.
Recognizing potential, successful, and unsuccessful intrusion attempts and compromises through review and analysis of security tools such as Splunk and CrowdStrike EDR.
Creating, tracking, and working to resolve normal and standard job-related change requests.
Assisting with the creation of daily/monthly SOC reports and shift reports, alongside pass-down emails/information to the incoming team.
Participating in daily security meetings with team members and customer teams.
DATABASE ADMINISTRATOR — World Park
Cincinnati, OH, July 2017 - Feb 2020
Provided 24x7 Production database support in Applications Development areas regarding database program design, implementation, and performance.
Extensively used Oracle Enterprise Manager (OEM) for monitoring SQL, generating SQL explain plans, generating AWR, ADDM, and ASH reports, generating Information Publisher reports, Oracle database online patching, etc.
Daily monitoring of databases, validating Veritas NetBackup backups to make sure they complete with no errors.
Collaborated with DBA team to ensure timely data reloads to the ODS using the SQDATA capture agent.
Monitored production databases for space utilization and the need for design change or reorganization.
Participated in reviews to evaluate database performance and recommend solutions to ensure the effectiveness of schemas, tables, procedures, and permissions.
Tested database performance issues (monitoring and tuning) to ensure database optimization.
Defined and allocated space for all test databases.
Implemented Oracle database backup & recovery solutions using RMAN as well as conventional backup methods EXPDP and IMPDP.
Assisted the Database Administration Supervisor with configuration management and database control programming.
Partitioned large tables to improve performance.
Automated database performance reports.
Provided status reports to the Database Administration Supervisor for all active and scheduled projects.
Created user accounts and roles and granted required access permissions and privileges to users based on the applications they accessed.
Monitored standards and procedures to ensure recoverability and availability of production databases. Participated in disaster recovery testing efforts.
Assisted Lead DBA in the maintenance of the assigned DBMS-based application system and the associated security procedures.
Developed UNIX shell scripts and SQL scripts to carry out routine checks on databases.
Performed point-in-time recovery.
EDUCATION
BACHELOR OF SCIENCE (B.S.) IN CYBERSECURITY ENGINEERING (In Progress)
University of Cincinnati
SKILLS
Malware Analysis, Endpoint Security
Network Security Protocols, TCP/IP
Jira, ServiceNow, Confluence
McAfee Web Gateway, Bluecoat
FireEye, Palo Alto, Cisco IronPort
Microsoft Office 365, SharePoint, OneDrive
Firepower, Cyber Kill Chain, MITRE ATT&CK
Incident Response, Cyber Threat Intelligence
Cloud Computing
Splunk, CrowdStrike, Nessus
O365, Snort
Linux, Windows, Active Directory
VirusTotal, DomainTools, IPVoid/URLVoid, IBM X-Force
Any.Run, Threat Grid Sandbox
CERTIFICATIONS
CompTIA Security+
Splunk Fundamentals 1
Pen Testing
Network+